[nycbug-talk] secure by default?

[G. Rosamond]

>From the deadly.org story. . .a Gates quote. . .

<quote>

Secure by default: That's making sure people can see very, very easily
exactly what type of network communication they're allowing, understand
exactly what that surface is, and we've eliminated a lot of the
so-called network responding services. We've defaulted off those
services, and we've made these group administrative policy management
capabilities apply very easily. So some can say, 'Are there any systems
on this network that have this port open? Are there any systems on this
network that have been experiencing a certain type of traffic?' And you
have this visibility not just on a single system-by-system level, but as
an administrator looking at all the different systems in your
environment.

<end of quote>

There is a noticeable change with Win2k3 server from my experience.  For
instance, you're not running SQL or a www server without knowing it on
your file server, for once.

Still not clear on *how* the 2k3 products are more secure and how to
judge by their own record.  They have really be only responsible for
taking down the web to a large extent only 2 times so far this year.

But to use "secure by default". . .

g